Staff Offensive Security Engineer

Full Time @Box posted 1 year ago

Job Description

  • Box is a recognized leader in the cloud security space. We understand that security is an ever-evolving landscape of vulnerabilities, new techniques, and best practices, so we’re doubling down our efforts. We’re in search for a staff offensive security engineer who thinks like an attacker, executes organized red team attacks against Box and our partners with Security, Product, IT and Engineering teams and help support fixing the issues identified.
  • Plan and lead red team exercise operations against the corporation for the purpose of training incident response teams
  • Plan and lead purple teaming exercises in collaboration with Incident response teams.
  • Network and host penetration testing.
  • Develop tools and maintain red team’s operational infrastructure.
  • Tracking and researching the latest attacks and how they might apply to our environments.
  • Document and present results to a variety of target audiences, ranging from highly technical engineers over to non-technical subject matter experts to senior leadership.
  • Develop the red team roadmap and drive the direction for the red team program as a whole
  • Formal education in information security, including undergraduate, graduate, or training certifications (OSCP, OSCE, SANS, etc)
  • 5+ years of offensive security responsibilities
  • 2+ years of non-consulting offensive security responsibilities
  • 2+ years of experience in informations security, network security, systems security, IT or software engineering roles
  • Preferred Skills
    • Extensive offensive security knowledge and penetration testing experience in numerous areas including web applications, networks, and infrastructure (cloud and on-prem). 
    • Experience performing reconnaissance, exploitation and privilege escalation aimed at compromising networks/applications/individuals. 
    • Knowledge with common threat modeling approaches and enterprise attack surfaces. 
    • Comfortable scripting, writing tools and malware to automate repeatable tasks.
    • Previous experience in leading or managing offensive security engagements (red team/ethical hacking)
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
For details on how we protect your information when you apply, please see our Personnel Privacy Notice.

Related Jobs